General

  • Target

    cb1e4d0356aed5ebf2a071bb937acc7c5fed8188b2d3abbce27b6d0761b1a0ad.exe

  • Size

    543KB

  • Sample

    241009-mfdk4syhrj

  • MD5

    94127a1ca4898c0e04e79ecea0e05b50

  • SHA1

    ea69723e32956765d179fbe60cf2221d6d35c679

  • SHA256

    cb1e4d0356aed5ebf2a071bb937acc7c5fed8188b2d3abbce27b6d0761b1a0ad

  • SHA512

    0a1739e0b3381fde73438e3bb7cf395233d0b19efb74c7c39fed3b5261128cec8d13eb925ca3de3ecbc1a274b524552b607068b2c5418deda615066f4a577257

  • SSDEEP

    12288:rOSf8bQbp898xpDVO0j/Zljlx91d1q9jt0p0oIR1PhY:rOIpTpDo0zvhT1d1q9jtQ1IRQ

Malware Config

Targets

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

    • Snake Keylogger payload

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
